ID CVE-2014-9294
Summary util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack.
References
Vulnerable Configurations
  • NTP 4.2.7
    cpe:2.3:a:ntp:ntp:4.2.7
CVSS
Base: 7.5 (as of 01-11-2016 - 13:05)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
redhat via4
advisories
  • rhsa
    id RHSA-2014:2025
  • rhsa
    id RHSA-2015:0104
rpms
  • ntp-0:4.2.6p5-19.el7_0
  • ntp-doc-0:4.2.6p5-19.el7_0
  • ntp-perl-0:4.2.6p5-19.el7_0
  • ntpdate-0:4.2.6p5-19.el7_0
  • sntp-0:4.2.6p5-19.el7_0
  • ntp-0:4.2.6p5-2.el6_6
  • ntp-doc-0:4.2.6p5-2.el6_6
  • ntp-perl-0:4.2.6p5-2.el6_6
  • ntpdate-0:4.2.6p5-2.el6_6
  • ntp-0:4.2.2p1-18.el5_11
refmap via4
bid 71762
cert-vn VU#852879
cisco 20141222 Multiple Vulnerabilities in ntpd Affecting Cisco Products
confirm
hp
  • HPSBGN03277
  • HPSBOV03505
  • HPSBPV03266
  • HPSBUX03240
  • SSRT101872
mandriva MDVSA-2015:003
secunia 62209
Last major update 02-01-2017 - 21:59
Published 19-12-2014 - 21:59
Back to Top